What is your expectation of a logout? If you don't have an IDP component and instead authenticate against LDAP directly within Tomcat, you'll loose your application http session and all data stored in the application session is gone. When you access the application again, you're promted to enter username/password again and a new application session is created. The purpose of single sign on is that you got a session with the IDP and a session with each application which you accessed since the login with the IDP. If you "logout" from the application, the application session is gone, but not the session with the IDP. There is also the concept of single logout but this means that you logout from all the applications which are accessed after the IDP session is created. Is this the functionality you're looking for?
Thanks ------ Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com ________________________________________ From: Federico Tello Gentile [fgent...@lifia.info.unlp.edu.ar] Sent: 16 July 2013 20:00 To: users@cxf.apache.org Subject: Re: Running Fediz Spring example webapp El 15/07/13 12:14, Oliver Wulff escribió: > You don't have to deploy the plugins for tomcat as you use spring security to > enforce authentication. > Please update the issuer url to the following (WEB-INF/fediz_config.xml, I'll > delete the one in src/main/config) > https://localhost:9443/fediz-idp/federation Thanks for the help. I got the login to work. Apparently you don't need to set up any Tomcat valve for this example. So now I'm trying to understand the example a bit more. Is it correct that logout is not supported in the example as is? There's a Jira https://issues.apache.org/jira/browse/FEDIZ-28 explaining to set up a logout filter, but the class org.apache.cxf.fediz.service.idp.LogoutFilter is not in fediz-idp classpath or anywhere I can find it. it is not in svn either. cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java Does not seem to exist... in https://svn.apache.org/repos/asf/cxf/fediz/trunk
